7.2

CVE-2020-12659

Exploit
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.71% 0.485
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html
Third Party Advisory
VDB Entry
Mailing List
https://security.netapp.com/advisory/ntap-20200608-0001/
Third Party Advisory
https://usn.ubuntu.com/4387-1/
Third Party Advisory
https://usn.ubuntu.com/4388-1/
Third Party Advisory
https://usn.ubuntu.com/4389-1/
Third Party Advisory
https://bugzilla.kernel.org/show_bug.cgi?id=207225
Vendor Advisory
Exploit
Issue Tracking
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.7
Vendor Advisory
Release Notes
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99e3a236dd43d06c65af0a2ef9cb44306aef6e02
Patch
Third Party Advisory
https://github.com/torvalds/linux/commit/99e3a236dd43d06c65af0a2ef9cb44306aef6e02
Patch
Third Party Advisory